Firewall News

Top Menu

  • Home
  • Our Blog
  • Contact Us

Main Menu

  • Software Updates
  • Alerts & Bugs
  • Out of the Box
  • Home
  • Our Blog
  • Contact Us

Firewall News

Firewall News

  • Software Updates
    • WatchGuard logo

      TDR 6.0.0 is now integrated into WatchGuard Cloud

      04/01/2021
      0
    • Sophos Logo

      XG Firewall 17.5 MR14 Released

      30/07/2020
      0
    • Sophos Logo

      Sophos Firewall Manager SFM 17.1 MR4 Released

      27/07/2020
      0
    • Sophos Logo

      Sophos Enterprise console - Endpoint Security and Control v10.8.9 for Windows has ...

      16/07/2020
      0
    • Sophos Logo

      Sophos iView v3 MR-2 Released

      07/07/2020
      0
    • Sophos Logo

      SD-RED Firmware 3.0.002 Pattern Update

      06/07/2020
      0
    • Sophos Logo

      XG Firewall 17.5 MR13 Released

      06/07/2020
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for old firmware v17 and v17.1 for XG Firewall

      03/07/2020
      0
    • WatchGuard logo

      Fireware 12.5.4 Now Available

      01/07/2020
      0
  • Alerts & Bugs
    • Sophos Logo

      Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

      29/03/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Updates

      03/03/2022
      0
    • WatchGuard logo

      WatchGuard Support Alert

      23/02/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Reminder

      03/02/2022
      0
    • Sophos Logo

      Sophos: Product Lifecycle Information: Extended Support for Windows 7 and Windows Server ...

      31/01/2022
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for Sophos SSL VPN Client

      29/11/2021
      0
    • WatchGuard logo

      WatchGuard: macOS Monterey 12.0.1 Does Not Support the AuthPoint Logon App

      09/11/2021
      0
    • Sophos Logo

      Sophos UTM Manager (SUM) End of Distribution

      04/11/2021
      0
    • WatchGuard logo

      WatchGuard: End of Sale Notice: AP420

      01/11/2021
      0
  • Out of the Box
    • WatchGuard’s Firebox T80 Earns 5-Star Rating in SC Labs Review

      17/11/2020
      0
    • WatchGuard Wins Big in CRN 2020 Tech Innovator Awards

      16/11/2020
      0
    • Coronavirus scams: what to look for and how to stop them

      02/04/2020
      0
    • Dell SonicWALL TZ 300

      Out the Box - Dell SonicWALL TZ 300

      05/07/2016
      0
    • Dell SonicWALL TZ SOHO

      Out the Box - Dell SonicWALL TZ SOHO

      05/07/2016
      0
    • WatchGuard Firebox T50

      WatchGuard Firebox T50

      31/03/2016
      0
    • WatchGuard Firebox M200

      WatchGuard Firebox M200

      31/03/2016
      0
News
Home›News›Sophos – The problem with next-gen firewall app control

Sophos – The problem with next-gen firewall app control

By admin
05/01/2018
2600
0
Share:
Sophos n-g fwall app control

As much as 90% of application traffic is unidentified.

The next-generation firewall was essentially born out of a need to provide much-needed visibility and control over users and their applications.

So why does your app control report look like this?

Top Applications

In my recent article the problem with firewalls I explained why, for many network administrators, firewalls aren’t the trusted enforcers they once were. In this article I focus on why most of the traffic passing through a modern firewall remains unknown, unidentified or simply too generic to be classified or controlled.

Why application control matters

Over the years, firewalls have evolved, changing from outward looking perimeter sentries into network guardians that protect against threats from inside a network, as well as outside.

This change in focus has been driven by the threat of malware, the danger posed by application vulnerabilities, the risk of data breaches and data loss, compliance obligations, and the need to optimise network performance.

To accomplish these things the next-gen firewall literally rose above the ports and protocols of earlier stateful firewalls to higher layers in the OSI model, to provide visibility and control over users and their applications.

They use deep packet inspection to identify applications and associate them to users or hosts on a network, allowing administrators to do things like prioritising the ERP system, VoIP traffic or CRM software over streaming media, or blocking and identifying users of peer-to-peer file sharing apps.

That kind of control relies on your firewall being able to identify applications successfully, which it does by looking for patterns in traffic, referred to as signatures. Some applications wear the equivalent of a name tag, making their traffic easy to identify, most apps don’t though and some even go out of their way to slip through firewalls unidentified.

Applications that many organisations consider risky, such as BitTorrent clients, can try to fool your firewall by constantly changing their traffic patterns and the way they connect out of your network. Other applications evade detection by using encryption or masquerading as something else, such as a web browser.

Signature-based detection can also fail when an application is updated and its traffic pattern changes, or when an application is bespoke or simply too obscure to have a matching pattern.

It’s a situation that doesn’t just leave potential risks undetected, your essential business applications – things like ERP solutions or CRM software – can also go undetected, leaving their traffic to get crushed or squeezed out under the weight of web surfing and other less important or unwanted application traffic.

Without a match, your firewall has no idea what it’s dealing with and no control.

How big is the problem?

Sophos recently conducted a survey of mid-sized organisations to determine how much of their application traffic was going unidentified and uncontrolled.

Nearly 70% of organisations surveyed had a next-gen firewall or UTM with application awareness. Respondents revealed that, on average, 60% of traffic is going unidentified… and many organisations reported that up to 90% of their application traffic was unidentified.

If you’re concerned about the security, liability, or performance impact this lack of visibility is having on your organization, you’re not alone…

  • 82% of survey respondents are rightfully concerned about the security risk
  • 65% were concerned with the impact on network performance
  • 40% worried about potential legal liability and compliance risks

The survey also revealed the applications that organisations were most concerned about either because of the high risk of security vulnerabilities, compliance risks caused by potentially inappropriate or illegal content, productivity impact or bandwidth consumption:

  • IM and conference apps like Skype and TeamViewer
  • BitTorrent and other P2P clients including uTorrent, Vuze and Freenet
  • Proxy and tunnel clients such as Ultrasurf, Hotspot Shield and Psiphon
  • Games and gaming platforms like Steam

Your next-gen firewall’s signatures aren’t going to help you control these applications because they’re simply not going to find a match in most cases. The traffic will simply appear as HTTP, HTTPS, TLS, web browsing and other general, non-helpful categories in your reports.

Fortunately, we’ve come up with a rather elegant solution to this problem. Download our white paper Keep your network under control: Why network admins need complete application visibility to learn more.

Previous Article

WatchGuard GAV Outage for 11.10.5 and earlier ...

Next Article

SonicWall Product Notice: Spectre & Meltdown ...

0
Shares
  • 0
  • +
  • 0
  • 0
  • 0
  • 0

Related articles More from author

  • WatchGuard logo
    NewsWatchGuard

    WatchGuard Recognized as a 2020 Gartner Peer Insights Customers’ Choice for Network Firewalls

    23/01/2020
    By admin
  • WatchGuard logo
    News

    WatchGuard Threat Detection & Response

    26/10/2017
    By admin
  • BarracudaNews

    Barracuda launches Cloud Security Guardian integration with Amazon Detective

    04/12/2019
    By admin
  • Fortinet
    FortinetNews

    Customers Choose Fortinet Secure SD-WAN for True WAN Edge Transformation

    10/10/2019
    By admin
  • NewsTrendMicro

    Small and Midsize Businesses Face Greater Cybersecurity Risks and Challenges

    06/09/2019
    By admin
  • SonicWall Press Release
    News

    SonicWall Turbocharges Innovation with Unprecedented Delivery of New Wireless, Mobile and Wired Network Security Products

    26/09/2017
    By admin

  • NewsSophos

    Sophos Mobile 9.5 and Intercept X for Mobile have launched!

  • NewsWatchGuard

    Six WatchGuard Channel Leaders Named to 2020 CRN Channel Chiefs List; Michelle Welch, SVP of Marketing Honored on Elite 50 List

  • WatchGuard KRACK
    News

    Wi-Fi Key Reinstallation Attack “KRACK” Update: Protecting Unpatched Devices

Timeline

  • 29/03/2022

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

  • 03/03/2022

    Sophos: Important Product Lifecycle Updates

  • 01/03/2022

    Shoring up your cybersecurity posture in light of ongoing crisis

  • 23/02/2022

    WatchGuard Support Alert

  • 03/02/2022

    Sophos: Important Product Lifecycle Reminder

Sponsored Links

Latest Comments

  • Paul Sillars
    on
    21/06/2016
    I received this in an email this morning, it was the first I heard about it ...

    Dell Software Group sold to help fund looming EMC deal

  • Paul Sillars
    on
    20/06/2016
    This is going to be an interesting one to watch. Especially after today's announcement that ...

    Ingram Micro gets distribution access to Dell’s security range in Australia

Find us on Facebook

Firewall.News Logo

This site serves more as a reference point for some of the major security vendor's updates and product/press releases

It will never be a definitive list, but it helps our customers keep up to date and also allows us to express our comment and observations as well.

About us

  • PO Box 451, North Lakes, Queensland, 4509, Australia
  • [email protected]
  • Recent

  • Popular

  • Comments

  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Sophos Logo

    Sophos: Important Product Lifecycle Updates

    By admin
    03/03/2022
  • Shoring up your cybersecurity posture in light of ongoing crisis

    By admin
    01/03/2022
  • WatchGuard logo

    WatchGuard Support Alert

    By admin
    23/02/2022
  • Dell SonicWALL Supermassive

    Ingram Micro gets distribution access to Dell’s security range in Australia

    By admin
    14/06/2016
  • Francisco Partners and Elliott Management to Acquire the Dell Software Group

    Dell Software Group sold to help fund looming EMC deal

    By admin
    21/06/2016
  • WatchGuard Firebox M500 – The Cure for HTTPS Performance Headaches

    By admin
    05/03/2015
  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Paul Sillars
    on
    21/06/2016

    Dell Software Group sold to help fund looming EMC deal

    I received this in ...
  • Paul Sillars
    on
    20/06/2016

    Ingram Micro gets distribution access to Dell’s security range in Australia

    This is going to ...

Follow Me

  • Contact
  • About Us
  • Home